Navy Innovation, Silicon Valley Style

A diverse collective of nearly 150 of Silicon Valley’s best coders, hackers and all around cyber experts gathered June 24-26 at warehouse-turned-innovation hub Galvanize in the heart of San Francisco, California. Their charge was to hack into the code controlling the Naval Postgraduate School’s fleet of autonomous swarming drones.

Participants brainstorm their methods of attack during the 2016 Navy “#HackTheSky” hackathon, hosted by the Naval Postgraduate School (NPS) and Navy Office of Strategy and Innovation, at Galvanize in San Francisco, California, June 24-26.The event brought together an array of hackers, cyber experts, Silicon Valley tech representatives, and data scientists to discover vulnerabilities in code for unmanned aerial vehicles developed at NPS. (U.S. Navy photo by Mass Communication Specialist 2nd Class Victoria Ochoa)

Coined #HackTheSky, the event included three distinct events – an onsite hackathon, the Future of Autonomy Workshop, and a global crowd-sourced initiative to create a user experience and interface for a swarm commander. The event proved to achieve all we had hoped it would – improved control software and several steps forward on some innovative technology developed on a shoestring budget. But the event was about much more than simply improving technology, as important as that is.

Fundamentally, we are interested in ideas that protect our nation and influence adversaries through power in the information age. #HackTheSky was an experiment to see if there are techniques within the Federal Acquisition Regulations that allow for software development at a pace significantly faster than we develop and acquire hardware. Moreover, a system with two speeds – one for software acquisition and one for hardware – is the model we must adopt to avoid strategic risk against an adversary that adopts software development speed as an organizing principle of their force.

#HackTheSky also was designed to increase diversity of our technological base. As a Navy, we are focused on increasing our cultural diversity because we understand that diverse teams address and solve problems with greater flexibility and creativity. However, we have limited our prime technology developers to a closed set of large contractors.

Participants brainstorm their methods of attack during the 2016 Navy “#HackTheSky” hackathon, hosted by the Naval Postgraduate School (NPS) and Navy Office of Strategy and Innovation, at Galvanize in San Francisco, California, June 24-26.The event brought together an array of hackers, cyber experts, Silicon Valley tech representatives, and data scientists to discover vulnerabilities in code for unmanned aerial vehicles developed at NPS. (U.S. Navy photo by Mass Communication Specialist 2nd Class Victoria Ochoa)

Although there is support for small business in the Federal Acquisition Regulations, we routinely see the same companies bidding on government work. More than 70 organizations registered for #HackTheSky, most of which had never worked with the government before. And our social media campaign reached more than 3.4 million impressions with a positive sentiment analysis around a very sensitive topic, military drones. This is a powerful statement about Silicon Valley’s best and brightest and their willingness to help us answer difficult questions in new ways.

In cybersecurity we used to say that, “Every company has been hacked, some just don’t know it yet!” A more useful riff on this idea is that, “Every organization is a software and data company, some just don’t know it yet.”

As a Navy this is hard to accept because we love our ships, submarines and aircraft, but increasingly, the capabilities of our hardware are fully dependent on good software. So we are truly a software “company” with all the risks and benefits that reality affords.

Fundamentally, there are hundreds of good software tools and security products that we will be able to buy from the commercial market, but we face an existential challenge against nation-state threats that drive unique military requirements. And of course, there are domains where we should not, and some where we cannot, use commercial solutions, either because they do not exist or we would need to differentiate our risk exposure. In those cases, we will simply need to have unique Department of the Navy solutions.

Ultimately, this three-day hackathon provided two key takeaways for both business and military leaders. First, we are a data driven organization and we need to understand our data rights, protections and streams. Second, we need to produce unique software that keeps pace with leading software companies. We do not have many examples of this being done well right now, but #HackTheSky foreshadowed some ways we might begin this effort.

Finally, #HackTheSky demonstrated that we cannot continue to advance autonomy and unmanned systems without a closely linked parallel effort to implement cyber security for those systems. We have invested in an innovative capability to conduct unmanned and autonomous research at the Naval Postgraduate School, but we should probably look at a similar vehicle for cyber experimentation to move the entire set of capabilities forward in concert.